USV: 2017 Part 2 CTF Walkthrough

In this article, we will continue the Capture the Flag (CTF) challenge which was posted on VulnHub by Suceava University. As you may already know from my previous capture-the-flag articles, Vulnhub.com is a platform which provides vulnerable applications/machines for security researchers to get practical, hands-on experience conducting pentests on vulnerable applications.

You can check my previous articles for more information related to CTF challenges. In this article we will exploit a VM named “USV: 2017” on the VulnHub website. You can use this link to download the VM and launch it on VirtualBox. The torrent downloadable URL is also available for this VM, which is given in the reference section at the end of this article.

As per the description given on the VulnHub website, this is the VM used in the online qualifications phase of the CTF-USF 2017 (Capture the Flag — Suceava University) contest. The objective of the CTF is to capture the 5 flags which are by the names of the cities. The city list is given below for the flag.

  1. Croatia
  2. France
  3. Italy
  4. Laos
  5. Philippines

In the part 1 of this article we already captured two flags, Italy and Croatia. You can check out part one of this CTF here.

We used the netdiscover command to find the virtual machine IP address in the part one of this article. We will use the same Virtual machine IP address i.e., 192.168.100.7 (Target Machine IP Address). I have restarted my virtual machine, so the target IP has change to 192.168.11.6.

Please Note: The Target and Attacker machine may be different on the network configuration.

Let’s move on to complete the CTF challenge and capture the other flags.

In the previous article we got another http port, so I started a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nikhil Kumar. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/uKJyrZrpZHk/